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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- tf NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )I3 Responsive to communication(s) filed on 26 January 2004 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-38 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) M Claim(s) 1-38 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Response to Amendment 



This office action is in response to amendment filed on 1/26/04 (Paper No. 6). Original 
application contained Claims 1-38. Applicant amended Claim 1 . The amendment filed on 
1/26/04 have been entered and made of record. Therefore, presently pending claims are 1-38. 



Applicants arguments filed 1/26/04 have been fully considered but they are not 
persuasive because of the new grounds of rejection given below. 

The examiner asserts that the prior art does teach or suggest the subject matter broadly 
recited in independent Claims 1, 10, 17, 21, 30, 37, and 38. Dependent Claims 2-9, 11-16, 18-20, 
22-, 29, and 3 1-36 are also rejected at least by virtue of their dependency on independent claims 
and by other reason set forth in this office action (Paper No. 6). Accordingly, rejections for 
claims 1-38 are respectfully maintained. 



The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-38 are rejected under 35 U.S.C 103(a) as being unpatentable over Sampson 



Response to Arguments 



Claim Rejections - 35 USC § 103 



(6,339,423) in view of (6,029,141). 
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In reference to claims 7, 27, and 37, Sampson discloses a system for processing data for 
providing access to resources within the data processing system, the method comprising the data 
processing system implemented steps of: 

Receiving a request from a requestor to access a resource in the data processing system 
(column 5 lines 31-35). 

Sending a first cookie to the requestor in response to the request, wherein the cookie is 
used to access the resource (column 8 lines 45-51 in combination with column 5 lines 35-60). 
After the authentication of the browser, it is sent a cookie which it then uses to access resources 
on server within the same domain. 

Storing an identification of the requestor and the first cookie to form a stored 
identification and a stored cookie (column 2 lines 27-40). The client machine 1 10 inherently has 
identification information stored in the machine to identify itself to network. The browser 
receives the cookie and stores it. 

The system is responsive to receiving a second cookie from a source, comparing an 
identification of the source and the second cookie with the stored identification and the stored 
cookie (column 5 lines 10-14 in combination with column 7 lines 57-59). The browser is 
authenticated and authentication information inherently contains identification information in 
order to complete the authentication, thus the process of authentication includes the step of 
identification and therefore would require identification information. 

The system is further responsive to a verification of the cookie information and then 
allowing access to the resource (column 7 lines 13-15). Verification requires that the 
information in the cookie must match the expected information. 
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Sampson does not expressly disclose the second cookie being matched with a stored 

cookie. 

However, Bezos discloses a verification process used to match the cookie with the 
information stored in the server. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to compare the cookie to information stored in the server in order to verify the user 
as in the method of Bezos in the system of Sampson. One of ordinary skill in the art would have 
been motivated to do this because the information in the cookie is information compiled and 
used by the server therefore the cookie is a method for identifying the customer. 

In reference to claim 10, 30, and 38, Sampson discloses a method in a data processing 
system for processing a cookie, the method comprising the data processing system implemented 
steps of: 

Receiving a request form a source to access a resource in the data processing system 
(column 8 line 24). The Primary Domain Agent requests the resource stored on itself from the 
Multi-Domain Token Server on behalf of the browser. Sending a cookie to the source to form a 
sent cookie, wherein the sent cookie is used to access the resource (column 8 lines 12-14). The 
protected server is then responsive to receiving a subsequent cookie, authenticating the 
subsequent user (column 4 lines 57-60). The protected server is then responsive to 
authenticating the subsequent cookie, allowing access to the resource (column 4 line 60 to 
column 5 line 2). 

Sampson does not expressly disclose the second cookie being authenticated with the 

cookie. 
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However, Bezos discloses a verification process used to match the cookie with the 
information stored in the server. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to compare the cookie to information stored in the server in order to verify the user 
as in the method of Bezos in the system of Sampson. One of ordinary skill in the art would have 
been motivated to do this because the information in the cookie is information compiled and 
used by the server therefore the cookie is a method for identifying the customer. 

In reference to claim 17, the claim is rejected as in the rejection for claim 1, in addition 
the system disclosed by Sampson comprising a cache (column 8 lines 15-17), and a cookie 
management process as rejected by the rejection for claim 1 . 

In reference to claims 2 and 22 wherein access to the resource is allowed by accepting 
the second cookie (Sampson column 5 lines 14-16). 

In reference to claims 3 and 23, wherein the system comprises: rejecting means, 
responsive to an absence of a match between the identification of the source and the second 
cookie and the stored identification and the stored cookie, for rejecting the second cookie (part 
222 of Fig 8). 

In reference to claims 4, 9, 15, 16, 19, 24, 29, 35, and 36 wherein the resource is a file 
and the first cookie identifies disk location of the file. Sampson discloses the resource being a 
static file (column 31-52). The information about the file encompasses file location. 

In reference to claims 5, 14, 25, and 34, wherein the source is a web server (Bezos et al 
Fig. 1). The device in Bezos that carries out the verification of the cookie is a web server. 
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In reference to claims 6 and 26, wherein the storing means for storing an identification of 
the source and the first cookie to form a stored identification and a stored cookie comprises: 
storing means for storing the identification of the source and the first cookie in a cache(column 8 
lines 15-17). 

In reference to claim 20, wherein the identification of the requestor and the identification 
of the source are Internet protocol addresses. Sampson discloses a system wherein the 
identification of the source is an Internet protocol address. 

However Sampson does not expressly disclose the identification of the requestor being an 
internet protocol address. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the internet protocol address for the identification of the requestor in the 
system by Sampson. One of ordinary skill in the art would have been motivated to do this 
because the internet protocol address is a common method of identifying a system on the 
network. 

In reference to claims 7 and 27, Sampson discloses a system wherein the identification of 
the source is Internet protocol addresses (column 7 lines 45-50). 

In reference to claims 8 and 28, wherein the receiving means, sending means, storing 
means, comparing means, and allowing means are performed in a browser. According to the 
teachings of Sampson, the distributed system may vary (column 6 lines 7-36). Therefore the 
server and client could all run on the same system and as a result all the functions as disclosed in 
claim 1 would be performed in the browser. 

In reference to claim 18, wherein the requestor is a server. 



Application/Control Number: 09/478,309 Page 7 

Art Unit: 2135 

In reference to claims 11 and 31, further comprising: storing means for storing the sent 
cookie and an identification of the source (column 7 lines 45-50). 

In reference to claims 12 and 32, wherein the sent cookie and the identification of the 
source are stored in a cache (column 8 lines 15-17). 

In reference to claim 13 and 33, wherein the identification is a stored identification and 
wherein the authenticating step comprises: 

Comparing the stored identification with an identification of a source for the subsequent 
cookie; and comparing the sent cookie with the subsequent cookie. 

Sampson does not expressly disclose the second cookie being authenticated with the 

cookie. 

However, Bezos discloses a verification process used to match the cookie with the 
information stored in the server. The definition of a cookie is information that is stored on a 
browser for the use of the server. The information is received from the server as a result the 
server can use the information in the server for the authentication this is the equivalent of 
reconstructing the cookie and then using it to authenticate the first cookie, since the information 
used is the same. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to compare the cookie to information stored in the server in order to verify the user 
as in the method of Bezos in the system of Sampson. One of ordinary skill in the art would have 
been motivated to do this because the information in the cookie is information compiled and 
used by the server therefore the cookie is a method for identifying the customer. 

Conclusion 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (703) 305-8421. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (703) 305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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